M365 Monitored Alerts
M365 Monitored Alerts track and report on specific security events and activities within your environment. These alerts include detections of potential threats, policy violations, and unusual user behaviors. Each alert type helps in proactively identifying and mitigating security risks. These are the alerts collected and monitored by Augmentt:
Name | Category | Severity | Description | Source | Licensing |
|---|---|---|---|---|---|
Add App Role Assignment Grant To user | Application Management | Low | User has been granted app role assignment | Audit Log | Basic (non-P1) |
Add App Role Assignment To Service Principal | Application Management | Low | Service principal has been granted app role assignment | Audit Log | Basic (non-P1) |
Add Application | Application Management | Low | An application was added to Azure | Audit Log | Basic (non-P1) |
Add Delegated Permission Grant | Application Management | Low | User was granted delegated permission | Audit Log | Basic (non-P1) |
Add Owner | Application Management | Low | An owner was added to the application | Audit Log | Basic (non-P1) |
Add Service Principal | Application Management | Low | A service principal was added | Audit Log | Basic (non-P1) |
Add Service Principal Credentials | Application Management | Medium | Service principal credentials were added | Audit Log | Basic (non-P1) |
Consent To Application | Application Management | Medium | A application was consented to | Audit Log | Basic (non-P1) |
Remove Delegated Permission Grant | Application Management | Low | Delegated permission grant was removed | Audit Log | Basic (non-P1) |
Update Application | Application Management | Low | An application was updated | Audit Log | Basic (non-P1) |
Update Application Certificates And Secrets Management | Application Management | Medium | Application certificates and secrets management were updated | Audit Log | Basic (non-P1) |
Update Service Principal | Application Management | Low | A service principal was updated | Audit Log | Basic (non-P1) |
Add A Partner To Cross Tenant Access Setting | Cross Tenant Access Settings | High | A partner was added to cross tenant access settings | Audit Log | Basic (non-P1) |
Add Device | Device | Low | A device was added | Audit Log | Basic (non-P1) |
Device No Longer Compliant | Device | Low | A device is no longer compliant | Audit Log | Basic (non-P1) |
Device No Longer Managed | Device | Medium | A device is no longer managed | Audit Log | Basic (non-P1) |
Register Device | Device | Low | A device was registered | Audit Log | Basic (non-P1) |
Remove Member From Group | Group Management | Low | A member was removed from a group | Audit Log | Basic (non-P1) |
Remove Owner From Group | Group Management | Low | Owner was removed from a group | Audit Log | Basic (non-P1) |
Update Policy | Policy | Low | A policy was updated | Audit Log | Basic (non-P1) |
Delete Conditional Access Policy | Policy | High | Conditional Access Policy was deleted | Audit Log | Basic (non-P1) |
Delete Policy | Policy | Medium | A policy was deleted | Audit Log | Basic (non-P1) |
Update Conditional Access Policy | Policy | Medium | Conditional Access Policy was updated | Audit Log | Basic (non-P1) |
Update Authorization Policy | Policy | Medium | Authorization Policy was updated | Audit Log | Basic (non-P1) |
Add Member To Role Outside of PIM permanent | Resource Management | High | A member was added to a role outside of PIM | Audit Log | Basic (non-P1) |
Triggered PIM Alert | Resource Management | High | A PIM alert was triggered | Audit Log | Basic (non-P1) |
Update Role | Role Management | Medium | A role was updated | Audit Log | Basic (non-P1) |
Add User | User Management | Low | A new user was added | Audit Log | Basic (non-P1) |
Admin Deleted Security Info | User Management | High | An admin deleted their security info | Audit Log | Basic (non-P1) |
Admin Registered Security Info | User Management | Low | An admin registered their security info | Audit Log | Basic (non-P1) |
Change Password Self-Service | User Management | Low | A self-service password change was initiated | Audit Log | Basic (non-P1) |
Change User License | User Management | Low | User license changes applied | Audit Log | Basic (non-P1) |
Change User Password | User Management | Low | A user changed their password | Audit Log | Basic (non-P1) |
Enable Account | User Management | Low | An account was enabled | Audit Log | Basic (non-P1) |
Disable Account | User Management | Low | An account was disabled | Audit Log | Basic (non-P1) |
Invite External User | User Management | Low | An external user was invited | Audit Log | Basic (non-P1) |
Redeem External User Invite | User Management | Low | An external user redeemed invitation | Audit Log | Basic (non-P1) |
Reset Password by Admin | User Management | Medium | A password was reset by admin | Audit Log | Basic (non-P1) |
Reset Password Self-Service | User Management | Low | A password was reset by SSPR | Audit Log | Basic (non-P1) |
Reset User Password | User Management | Low | User password was reset | Audit Log | Basic (non-P1) |
User Changed Default Security Info | User Management | Low | A user changed the default security info | Audit Log | Basic (non-P1) |
User Deleted Security Info | User Management | Low | A user deleted their security info | Audit Log | Basic (non-P1) |
Disable Strong Authentication | User Management | High | Strong authentication was disabled | Audit Log | Basic (non-P1) |
Set Verified Publisher | User Management | Low | Set verified publisher | Audit Log | Basic (non-P1) |
Risky Sign-in Inside Country | Sign-in Risk | Low | Entra Risky Activities | AAD P1 | |
Risky Sign-in Outside Country | Sign-in Risk | High | Entra Risky Activities | AAD P1 | |
Impossible travel activity | impossible travel | Variable | Zis eez not possibru | Entra Risky Activities | AAD P1 |
Atypical travel | impossible travel | Variable | Entra Risky Activities | AAD P1 |